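/**
 * Initialise the LDAP backend state for one idmap domain.
 *
 * Reads "ldap_url" and "ldap_base_dn" from the "idmap config <domain>"
 * section, sets up the smbldap connection state, fetches the bind
 * credentials and verifies the ID pool. On success the new context is
 * stored in dom->private_data.
 *
 * @param dom  idmap domain to initialise; the context is allocated as a
 *             talloc child of it.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_FILE_IS_OFFLINE when idmap
 *         is offline, NT_STATUS_NO_MEMORY on allocation failure,
 *         NT_STATUS_UNSUCCESSFUL when the URL or suffix is missing, or
 *         the status returned by smbldap_init(), get_credentials() or
 *         verify_idpool().
 */
static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
{
	NTSTATUS ret;
	struct idmap_ldap_context *ctx = NULL;
	char *config_option = NULL;
	const char *tmp = NULL;

	/* Only do init if we are online */
	if (idmap_is_offline()) {
		return NT_STATUS_FILE_IS_OFFLINE;
	}

	ctx = talloc_zero(dom, struct idmap_ldap_context);
	if (!ctx) {
		DEBUG(0, ("Out of memory!\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Allocated on ctx, so the failure path frees it together with ctx. */
	config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
	if (!config_option) {
		DEBUG(0, ("Out of memory!\n"));
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	tmp = lp_parm_const_string(-1, config_option, "ldap_url", NULL);
	if (!tmp) {
		DEBUG(1, ("ERROR: missing idmap ldap url\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	ctx->url = talloc_strdup(ctx, tmp);
	/*
	 * Check the copy before it is trimmed and handed to smbldap_init();
	 * the other allocations in this function are checked the same way.
	 */
	CHECK_ALLOC_DONE(ctx->url);

	/* Strip surrounding double quotes from the configured URL. */
	trim_char(ctx->url, '\"', '\"');

	tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
	if (!tmp || !*tmp) {
		/* No per-domain base DN: fall back to the global idmap suffix. */
		tmp = lp_ldap_idmap_suffix(talloc_tos());
		if (!tmp) {
			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	ctx->suffix = talloc_strdup(ctx, tmp);
	CHECK_ALLOC_DONE(ctx->suffix);

	ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
	CHECK_ALLOC_DONE(ctx->rw_ops);

	ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
	ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;

	/* get_credentials deals with setting up creds */
	ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
			   false, NULL, NULL, &ctx->smbldap_state);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n", ctx->url));
		goto done;
	}

	ret = get_credentials(ctx, ctx->smbldap_state, config_option,
			      dom, &ctx->user_dn);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("idmap_ldap_db_init: Failed to get connection "
			  "credentials (%s)\n", nt_errstr(ret)));
		goto done;
	}

	/*
	 * Set the destructor on the context, so that resources are
	 * properly freed when the context is released.
	 */
	talloc_set_destructor(ctx, idmap_ldap_close_destructor);

	/* Published before verify_idpool(), which is handed dom. */
	dom->private_data = ctx;

	ret = verify_idpool(dom);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("idmap_ldap_db_init: failed to verify ID pool (%s)\n",
			  nt_errstr(ret)));
		goto done;
	}

	talloc_free(config_option);
	return NT_STATUS_OK;

/* failed */
done:
	/*
	 * ctx may already have been published in dom->private_data (the
	 * verify_idpool() failure path). Clear it before freeing so the
	 * domain is not left holding a pointer to freed memory.
	 */
	if (dom->private_data == ctx) {
		dom->private_data = NULL;
	}
	talloc_free(ctx);
	return ret;
}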
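/**
 * Initialise the global LDAP ID allocator context (idmap_alloc_ldap).
 *
 * Loads the uid/gid ranges from "idmap alloc config:range", lets the
 * values reported by lp_idmap_uid()/lp_idmap_gid() override them, then
 * resolves the LDAP URL and base DN, sets up the smbldap state, fetches
 * the bind credentials and verifies the ID pool.
 *
 * @param params  optional backend parameter string; when non-empty it is
 *                used as the LDAP URL instead of the "ldap_url" option.
 *
 * @return NT_STATUS_OK on success, NT_STATUS_FILE_IS_OFFLINE when idmap
 *         is offline, NT_STATUS_UNSUCCESSFUL when a range, the URL or
 *         the suffix is missing or invalid, or the status set by
 *         CHECK_ALLOC_DONE(), smbldap_init(), get_credentials() or
 *         verify_idpool(). On any failure the global context is freed.
 */
static NTSTATUS idmap_ldap_alloc_init(const char *params)
{
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	const char *range;
	const char *tmp;
	uid_t low_uid = 0;
	uid_t high_uid = 0;
	gid_t low_gid = 0;
	gid_t high_gid = 0;

	/* Only do init if we are online */
	if (idmap_is_offline()) {
		return NT_STATUS_FILE_IS_OFFLINE;
	}

	idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context);
	CHECK_ALLOC_DONE(idmap_alloc_ldap);

	/* load ranges */

	idmap_alloc_ldap->low_uid = 0;
	idmap_alloc_ldap->high_uid = 0;
	idmap_alloc_ldap->low_gid = 0;
	idmap_alloc_ldap->high_gid = 0;

	range = lp_parm_const_string(-1, "idmap alloc config", "range", NULL);
	if (range && range[0]) {
		unsigned low_id, high_id;

		if (sscanf(range, "%u - %u", &low_id, &high_id) == 2) {
			if (low_id < high_id) {
				/* One range serves both uids and gids. */
				idmap_alloc_ldap->low_gid = low_id;
				idmap_alloc_ldap->low_uid = low_id;
				idmap_alloc_ldap->high_gid = high_id;
				idmap_alloc_ldap->high_uid = high_id;
			} else {
				/*
				 * Only logged here; the range stays zeroed and
				 * is rejected by the checks below unless the
				 * lp_idmap_uid()/lp_idmap_gid() values replace
				 * it. Newline added so the message does not
				 * run into the next log line.
				 */
				DEBUG(1, ("ERROR: invalid idmap alloc range "
					  "[%s]\n", range));
			}
		} else {
			DEBUG(1, ("ERROR: invalid syntax for idmap alloc "
				  "config:range [%s]\n", range));
		}
	}

	/* Values from lp_idmap_uid()/lp_idmap_gid() take precedence. */
	if (lp_idmap_uid(&low_uid, &high_uid)) {
		idmap_alloc_ldap->low_uid = low_uid;
		idmap_alloc_ldap->high_uid = high_uid;
	}

	if (lp_idmap_gid(&low_gid, &high_gid)) {
		idmap_alloc_ldap->low_gid = low_gid;
		idmap_alloc_ldap->high_gid = high_gid;
	}

	/* Refuse to start with an empty or inverted allocation range. */
	if (idmap_alloc_ldap->high_uid <= idmap_alloc_ldap->low_uid) {
		DEBUG(1, ("idmap uid range missing or invalid\n"));
		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (idmap_alloc_ldap->high_gid <= idmap_alloc_ldap->low_gid) {
		DEBUG(1, ("idmap gid range missing or invalid\n"));
		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
		ret = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (params && *params) {
		/* assume location is the only parameter */
		idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, params);
	} else {
		tmp = lp_parm_const_string(-1, "idmap alloc config",
					   "ldap_url", NULL);
		if (!tmp) {
			DEBUG(1, ("ERROR: missing idmap ldap url\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}

		idmap_alloc_ldap->url = talloc_strdup(idmap_alloc_ldap, tmp);
	}
	CHECK_ALLOC_DONE(idmap_alloc_ldap->url);

	tmp = lp_parm_const_string(-1, "idmap alloc config",
				   "ldap_base_dn", NULL);
	if (!tmp || !*tmp) {
		/* No allocator base DN: fall back to the global idmap suffix. */
		tmp = lp_ldap_idmap_suffix();
		if (!tmp) {
			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
			ret = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	idmap_alloc_ldap->suffix = talloc_strdup(idmap_alloc_ldap, tmp);
	CHECK_ALLOC_DONE(idmap_alloc_ldap->suffix);

	ret = smbldap_init(idmap_alloc_ldap, winbind_event_context(),
			   idmap_alloc_ldap->url,
			   &idmap_alloc_ldap->smbldap_state);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("ERROR: smbldap_init (%s) failed!\n",
			  idmap_alloc_ldap->url));
		goto done;
	}

	ret = get_credentials(idmap_alloc_ldap,
			      idmap_alloc_ldap->smbldap_state,
			      "idmap alloc config", NULL,
			      &idmap_alloc_ldap->user_dn);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(1, ("idmap_ldap_alloc_init: Failed to get connection "
			  "credentials (%s)\n", nt_errstr(ret)));
		goto done;
	}

	/* see if the idmap suffix and sub entries exists */

	ret = verify_idpool();

done:
	/* Success also reaches this label; only a failure frees the context. */
	if (!NT_STATUS_IS_OK(ret)) {
		TALLOC_FREE(idmap_alloc_ldap);
	}

	return ret;
}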